FirewallControlPanel[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

FirewallControlPanel.dll
Size

879KB
MD5

a53f36fe97a7ffe3e9de2e36f09fd590
SHA1

f4ced6c24ccc5e1b11fbb05bb637e5cb12d354a1
SHA256

b0c8af8a04705fae30bc53d1179b5a8a3972a3f544f8730a55ccc5156d491d4e
SHA512

ee69082d34897a3e3628958b25f4c44659071e0480d1c6be58636c3f0ae19d5c38b069af22ed04968c2902765398211046d04628d8b5011dbc8aa4b026416cb7
SSDEEP

12288:IC86L1/tE1+D56HqzJHMed87HHjlmoRnJj0ZbC0XWNYacpO:A6L1/2g6H+J7danZmkR04Xy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FirewallControlPanel.dll

Files

FirewallControlPanel.dll
.dll regsvr32 windows:10 windows x86 arch:x86

75b7935afb8ca00df4d780d447182743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FirewallControlPanel.pdb

Imports

msvcrt

_wcsicmp
wcsspn
qsort
_purecall
_wtol
towupper
_except_handler4_common
_vsnwprintf
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_ftol2_sse
wcsrchr
_CxxThrowException
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CxxFrameHandler3
memset
malloc
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
floor

ntdll

WinSqmIncrementDWORD
RtlQueryElevationFlags
WinSqmAddToStream
WinSqmIsOptedIn
EtwEventWrite
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwLogTraceEvent

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-synch-l1-2-0

WaitForSingleObjectEx
InitOnceBeginInitialize
ReleaseMutex
OpenSemaphoreW
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSemaphore
InitOnceComplete
OpenMutexW
CreateSemaphoreExW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
Sleep
EnterCriticalSection
ReleaseSRWLockExclusive
CreateEventW
ResetEvent
SetEvent

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-2

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantInit
SysFreeString
SysAllocString
VariantClear

api-ms-win-core-com-l1-1-1

CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
StringFromGUID2

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-security-base-l1-2-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-memory-l1-1-2

VirtualFree
VirtualAlloc

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-interlocked-l1-2-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-obsolete-l1-2-0

StrCmpCW
QISearch
StrCmpICW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW
SHStrDupW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenW
lstrcmpiW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

shcore

ord188
IUnknown_SetSite
ord190
ord140
IUnknown_QueryService
IUnknown_Set
IUnknown_GetSite
ord145

shlwapi

ord204
ord172
AssocQueryStringW
PathFindFileNameW
ord538
PathFindExtensionW
ord24

user32

GetDlgItemInt
GetWindowTextLengthW
SetDlgItemInt
KillTimer
ReleaseCapture
GetWindow
SetWindowTextW
NotifyWinEvent
GetMessagePos
DrawFocusRect
GetFocus
InflateRect
GetParent
MessageBoxW
LoadIconW
MapWindowPoints
SystemParametersInfoW
InvalidateRect
MoveWindow
GetWindowTextW
ReleaseDC
DrawTextW
CreateIconIndirect
GetDlgCtrlID
EndPaint
BeginPaint
FillRect
SetRect
DrawIconEx
GetClientRect
GetSysColor
SetTimer
SetFocus
DestroyIcon
EndDialog
GetMonitorInfoW
MonitorFromRect
GetWindowRect
IsDlgButtonChecked
SetForegroundWindow
SetActiveWindow
SetWindowPos
GetDoubleClickTime
SetClassLongW
LoadImageW
GetSystemMetrics
CheckDlgButton
EnableWindow
SendDlgItemMessageW
ShowWindow
GetDlgItem
SetDlgItemTextW
SetCursor
LoadCursorW
SendMessageW
SetPropW
UnregisterClassW
CallWindowProcW
GetPropW
RegisterClassExW
GetClassInfoExW
DialogBoxParamW
GetActiveWindow
LockSetForegroundWindow
PostMessageW
SetWindowLongW
DefWindowProcW
GetWindowLongW
DestroyWindow
SetCapture
ClientToScreen
GetKeyState
MessageBeep
RemovePropW
IsWindowVisible
GetDC
UnregisterClassA
CreateWindowExW
PtInRect

kernel32

UnregisterWaitEx
QueueUserWorkItem

gdi32

CreateSolidBrush
CreateFontIndirectW
GetObjectW
SetDIBits
DeleteObject
SetBkMode
GetStockObject
SetTextColor
CreateBitmapIndirect
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC

uxtheme

DrawThemeBackground
GetThemeColor
SetWindowTheme
IsThemeActive
CloseThemeData
GetThemeBackgroundContentRect
OpenThemeData
GetThemeFont

oleacc

CreateStdAccessibleProxyW
ObjectFromLresult
LresultFromObject

firewallapi

FWOpenPolicyStore
FwGetVersionField
FwIsGroupPolicyEnforced
FWGetConfig
FWClosePolicyStore
IcfChangeNotificationDestroy
IcfChangeNotificationCreate
FWEnumProducts
FWFreeProducts
FwAnalyzeFirewallPolicyOnProfile
FWEnumFirewallRules
FwActivate
FWDeleteFirewallRule
FwFree
FWAddFirewallRule
FWSetFirewallRule
FWFreeFirewallRules
FWGetGlobalConfig

msimg32

GradientFill

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShowNotificationDialogW
ShowWarningDialogW

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75b7935afb8ca00df4d780d447182743

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-util-l1-1-0

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-2-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

shcore

shlwapi

user32

kernel32

gdi32

uxtheme

oleacc

firewallapi

msimg32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-sidebyside-l1-1-0

Exports

Exports

Sections

.text Size: 253KB - Virtual size: 252KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 1024B - Virtual size: 964B

.rsrc Size: 594KB - Virtual size: 594KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 253KB - Virtual size: 252KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 1024B - Virtual size: 964B

.rsrc
Size: 594KB - Virtual size: 594KB

.reloc
Size: 18KB - Virtual size: 18KB